package com.weasel.security.helper;

import org.apache.commons.lang.StringUtils;
import org.apache.shiro.session.Session;

import javax.servlet.http.HttpSession;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.UUID;

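/**
 * Static helpers for issuing and verifying a per-session anti-CSRF token.
 *
 * <p>The token is stored as a session attribute under {@link #TOKEN_NAME}; callers
 * submit it back with state-changing requests and validate it with
 * {@link #checkTokenFromSession(String, Session)}.
 *
 * Created by Dylan on 2015/12/16.
 */
public final class CsrfHelper {

    /** Session attribute key under which the CSRF token is stored. */
    public static final String TOKEN_NAME = "csrf_token";

    /**
     * Generates a fresh token value.
     *
     * <p>{@link UUID#randomUUID()} produces a type 4 UUID from a cryptographically
     * strong pseudo-random generator, so the value is not guessable from earlier tokens.
     *
     * @return the textual form of a random UUID
     */
    private static String createToken() {
        return UUID.randomUUID().toString();
    }

    /**
     * Generates a new token and stores it in the session under {@link #TOKEN_NAME},
     * replacing any token already stored there.
     *
     * @param session the session that will hold the token
     */
    public static void createTokenToSession(Session session) {
        session.setAttribute(TOKEN_NAME, createToken());
    }

    /**
     * Checks a submitted token against the one stored in the session.
     *
     * <p>The check fails closed: a blank submitted token, a missing session attribute
     * or a stored attribute that is not a {@code String} all yield {@code false}.
     * The stored token is only read here; it is neither removed nor rotated.
     *
     * @param token   the token supplied with the request; may be {@code null}
     * @param session the session expected to hold the reference token
     * @return {@code true} only when {@code token} is non-blank and equal to the stored token
     */
    public static boolean checkTokenFromSession(String token, Session session) {
        if (!StringUtils.isNotBlank(token)) {
            return false;
        }

        // Avoid a blind cast: an unexpected attribute type must reject the request
        // instead of surfacing as a ClassCastException.
        Object stored = session.getAttribute(TOKEN_NAME);
        if (!(stored instanceof String)) {
            return false;
        }

        // Compare in constant time so response timing does not reveal how many
        // leading characters of a guessed token matched the stored secret.
        byte[] expected = ((String) stored).getBytes(StandardCharsets.UTF_8);
        byte[] supplied = token.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, supplied);
    }

    /** Not meant to be instantiated; the class only exposes static helpers. */
    protected CsrfHelper() {}
}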
